class RuboCop::Cop::GitlabSecurity::RedirectToParamsUpdate
Checks for use of redirect_to(params.update()).
Passing user-supplied params to the redirect_to method creates an open redirect.
@example
  # bad
  redirect_to(params.update(action:'main'))

  # good
  redirect_to(whitelist(params))
Constants
- MSG
Public Instance Methods
on_send(node)
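  # File lib/rubocop/cop/gitlab-security/redirect_to_params_update.rb, line 23
  def on_send(node)
    # Only method calls matching redirect_to(params.update(...)) are offenses.
    return unless redirect_to_params_update_node(node)

    # Report the offense on the method name (the selector) of the call.
    add_offense(node, location: :selector)
  end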
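
An added example, not the gitlab-security cop's own code: the same check approximated with Ruby's standard-library Ripper parser instead of RuboCop's node matcher, run over a constructed controller source. The names find_offenses, params_update?, redirect_to_line and each_node are hypothetical, and the search flags params.update anywhere inside the redirect_to arguments, which may be broader than the cop's own pattern.

```ruby
require 'ripper'

# Constructed sample source: lines 3 and 6 should be flagged, line 9 should not.
SAMPLE = <<~'RUBY'
  class PagesController < ApplicationController
    def bad_parens
      redirect_to(params.update(action: 'main'))
    end
    def bad_command
      redirect_to params.update(action: 'main')
    end
    def good
      redirect_to(whitelist(params))
    end
  end
RUBY

# True when +node+ is the call `params.update` on the bare `params` method.
def params_update?(node)
  node[0] == :call &&
    node[1].is_a?(Array) && node[1][0] == :vcall && node[1][1][1] == 'params' &&
    node[3].is_a?(Array) && node[3][1] == 'update'
end

# Line number if +node+ is a redirect_to call (with or without parens), else nil.
def redirect_to_line(node)
  ident = case node[0]
          when :method_add_arg then node[1][0] == :fcall ? node[1][1] : nil
          when :command then node[1]
          end
  ident[2][0] if ident.is_a?(Array) && ident[1] == 'redirect_to'
end

# Yields every Ripper node (an Array whose first element is a Symbol).
def each_node(sexp, &blk)
  return unless sexp.is_a?(Array)
  blk.call(sexp) if sexp[0].is_a?(Symbol)
  sexp.each { |child| each_node(child, &blk) }
end

# Sorted line numbers of redirect_to calls whose arguments use params.update.
def find_offenses(source)
  lines = []
  each_node(Ripper.sexp(source)) do |node|
    next unless (line = redirect_to_line(node))
    each_node(node[2]) { |arg| lines << line if params_update?(arg) }
  end
  lines.uniq.sort
end
```

find_offenses(SAMPLE) returns the line numbers of the two flagged calls; source that Ripper cannot parse yields an empty list.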